25 matches found
EUVD-2004-2515
Malware in sbrugna...
EUVD-2004-1418
Malware in sbrugna...
EUVD-2004-1417
Malware in sbrugna...
EUVD-2005-3684
Malware in sbrugna...
CVE-2005-3687
cancelaccount.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter...
CVE-2005-3687
cancelaccount.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter...
CVE-2005-3687
CVE-2005-3687 affects WHM AutoPilot 2.5.30 and earlier. A flaw in cancel_account.php lets remote attackers cancel requests for arbitrary accounts by modifying the c parameter. The NVD metrics indicate a NETWORK attack with LOW complexity, requiring no authentication, causing PARTIAL integrity imp...
CVE-2005-3687
cancelaccount.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter...
[Full-disclosure] WMH AutoPilot: Unauthorized hosting account cancellation request
Title: WMH AutoPilot: Unauthorized hosting account cancellation request Access: Remote Product: WHM AutoPilot http://www.whmautopilot.com Severity: Moderately Low Synopsis: A vulnerability has been identified that allows the unauthorized filing of hosting account cancellation requests. Vulnerable...
CVE-2004-2524
CVE-2004-2524 affects Benchmark Designs’ WHM AutoPilot 2.4.5 and earlier. The vulnerability arises when clogin.php uses clogin_e and base64_encode to encode the target user ID in the c parameter, allowing remote attackers to read plaintext usernames and passwords from the resulting form. The desc...
CVE-2004-2524
clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogine and base64encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form...
CVE-2004-1420
Multiple cross-site scripting XSS vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 sitetitle or 2 httpimages parameter...
CVE-2004-1421
CVE-2004-1421: Affects WHM AutoPilot 2.4.6.5 and earlier. The vulnerability arises from PHP remote file inclusion through the server_inc parameter in 1) step_one.php, 2) step_one_tables.php, and 3) step_two_tables.php, enabling an attacker to reference a URL on a remote server that contains execu...
CVE-2004-1422
CVE-2004-1422 : WHM AutoPilot
CVE-2004-1421
Multiple PHP remote file inclusion vulnerabilities 1 stepone.php, 2 steponetables.php, 3 steptwotables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the serverinc parameter to reference a URL on a remote web server that contains the cod...
CVE-2004-1422
WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings...
CVE-2004-1420
WHM AutoPilot 2.4.6.5 and earlier contains multiple XSS flaws in header.php, allowing remote attackers to inject arbitrary script/HTML via site_title or http_images parameters. Affected component is WHM AutoPilot’s header.php; root cause is improper handling of user-supplied values in these param...
WHM-autopilot.txt
GulfTech Security Research December 28th, 2004 Vendor : Benchmark Designs, LLC URL : http://www.whmautopilot.com/ Version : WHM AutoPilot v2.4.6.5 && Others All Versions Risk : Multiple Vulnerabilities Description: Started by a webhost looking for more out of a simple managment script, Brandee...
CVE-2004-2524
clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogine and base64encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form...
CVE-2004-1421
Multiple PHP remote file inclusion vulnerabilities 1 stepone.php, 2 steponetables.php, 3 steptwotables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the serverinc parameter to reference a URL on a remote web server that contains the cod...